The vulnerability involves improper handling of AES-GCM streaming encryption/decryption for very large messages (>64 GiB). The streaming APIs fail to reject these large cumulative message sizes, resulting in counter wrap and keystream reuse. This cryptographic misuse can enable an attacker to recover plaintext from encrypted data. The vulnerability is identified as CVE-2026-55967 and is categorized under CWE-323 (Use of a Broken or Risky Cryptographic Algorithm). No affected versions or patch information are provided, and no known exploits are reported in the wild.

If exploited, this vulnerability allows an attacker to recover plaintext from encrypted messages due to keystream reuse caused by counter wrap in AES-GCM streaming encryption. However, exploitation requires processing extremely large single message sizes (>64 GiB), which may limit practical attack scenarios. No known active exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid processing extremely large single messages with AES-GCM streaming APIs or implement application-level checks to reject such large message sizes to prevent counter wrap and keystream reuse.